Welcome to issue #374 November 27th, 2023

No official posts from GCP blog, so in this issue community content only. 

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

GKE with Emissary-Ingress - Running Emissary-Ingress on GKE.

How to change Kubernetes PVC storage class & decrease the size - About optimising Kubernetes Persistent Volume costs.

App Development, Serverless, Databases, DevOps

Read-only persistent disks on Google Cloud - Did you know that a Google Cloud Persistent Disk (PD) can be read-only attached to up to 10 instances with full performance and at no extra cost? Check the blog for the ins and outs of using PD read-only attachments with Linux VMs, GKE, and Windows Server.

Using Golang to interact with Google Compute API Part I: Manipulating Compute Engine Instances - Introduction to Google Compute API.

Discover API Proxies with Google Apigee: A Practical Demo - This blog post coveres the basics of how to create a proxy, configure it to route traffic to a backend service, and publish it to an API product and portal on Apigee.

Firestore Tip 6: Automatically Sync Firestore Documents to BigQuery - Including a Video Demo.

All About Utilizing Cloud Functions for Cloud Messaging - Using Firebase Cloud Messaging and Cloud Functions for sending notifications.

Scaling Redis at 7shifts - 7shifts’ journey in caching: Explore the challenges we faced moving beyond a single Redis instance.

SQL queries + pgvector: Retrieval Augmented Generation for PostgreSQL - Using pgvector in PostgreSQL for embeddings.

Anatomy of a CloudEvents and its relevance with SAP and Google Cloud - An overview of CloudEvents and how they can be used on GCP.

Push CloudEvents from Google Cloud Pub/Sub to SAP - This blog post explores alternative strategies for sending events from Google Cloud services to SAP, venturing beyond the pull subscription-based approach.

Send Event from SAP to Pub/Sub: Enabling SAP as a Pub/Sub Publisher - Using ABAP SDK to implement event-driven architecture between SAP and GCP.

Streamlining Data Integration: Consuming Events from Pub/Sub into SAP using ABAP SDK for Google Cloud - This article explains bridging the gap between cloud-based event streaming platforms (Google Cloud Pub/Sub) and on-premises SAP systems.

Big Data, Analytics, ML&AI

BigQuery’s Cross-Region Replication: Elevating Geo-Redundancy for Your Data - Explanation of BigQuery's cross-region dataset replication.

Using the TF_IDF Function in BigQuery - How to evaluate how relevant a Term is to a Tokenized Document.

Using STRUCTS for Audit Fields in BigQuery - Using STRUCTS in BigQuery to group audit data.

How to Flatten the GA4 BigQuery Export Schema for Usage in Relational Databases - This article aims to guide you through the process of flattening the GA4 export schema, making it compatible for use in relational databases outside of BigQuery.

How to customize and serve DBT documentation in Google Cloud Platform - This article explores how to implement a Data Mesh architecture using DBT.

Write SQL with natural language using Vertex AI and BigQuery - Use Vertex AI, PaLM, Codey and BigQuery, with langchain, to create a chatbot with memory that answers to questions using BigQuery.

Vertex AI Model Garden - Vertex AI Model Garden is a collection of pre-built foundation models, task-specific models, and Google ML APIs.

Generative AI - How to Fine Tune LLMs - Vertex AI allows you to fine-tune PaLM models for text, chat, code, and embeddings intuitively and easily.

Deploying efficient Kedro pipelines on GCP Composer / Airflow with node grouping & MLflow - Running ML pipelines with Kedro on Cloud Composer.

Slides, Videos, Audio

Kubernetes Podcast - #212 Confidential Computing, with Fabian Kammel.

Security Podcast - #149 Canned Detections: From Educational Samples to Production-Ready Code.

GCP Life Podcast - #53 “Redhat I apologise, I love you still.“ – In this episode we discuss; Optus Outage, Government Safe Harbour, New Skills Badges, GKE Enterprise, VMWARE Postgres, DP World Hack, Google Calender Exploit, Cybersecurity Forecast, Cloud Spend, Fakespot Chat, Google AI Search.

Releases

AlloyDB - Version 1.5.0 of the AlloyDB Auth Proxy client might fail to connect to AlloyDB instances created before mid-November, 2023.

Anthos clusters on bare metal - 1.14. Release 1.14.11 Anthos clusters on bare metal 1.14.11 is now available for download. Fixes: The following container image security vulnerabilities have been fixed in 1.14.11: Critical container vulnerabilities: CVE-2023-45871 High-severity container vulnerabilities: CVE-2023-1989 CVE-2023-4244 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 CVE-2023-42753 Medium-severity container vulnerabilities: CVE-2021-3507 CVE-2021-3930 CVE-2021-20196 CVE-2022-0216 CVE-2023-0330 CVE-2023-3180 CVE-2023-3772 CVE-2023-34969 CVE-2023-37453 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-42755 Low-severity container vulnerabilities: CVE-2017-16516 CVE-2020-14394 CVE-2021-20203 CVE-2022-24795 CVE-2023-1544 CVE-2023-3301 CVE-2023-3354 CVE-2023-3773 CVE-2023-6176 CVE-2023-33460 CVE-2023-42756. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section. 1.15. Release 1.15.7 Anthos clusters on bare metal 1.15.7 is now available for download. Fixed an issue where CoreDNS Pods can get stuck in an unready state. The following container image security vulnerabilities have been fixed in 1.15.7: Critical container vulnerabilities: CVE-2023-38408 CVE-2023-45871 High-severity container vulnerabilities: CVE-2023-1989 CVE-2023-4244 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 CVE-2023-42753 Medium-severity container vulnerabilities: CVE-2023-3772 CVE-2023-37453 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-42755 Low-severity container vulnerabilities: CVE-2023-3773 CVE-2023-42756. Known issues: For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Anthos clusters on VMware - A vulnerability (CVE-2023-5717) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. Anthos clusters on VMware 1.14.10-gke.35 is now available. The following issues are fixed in 1.14.10-gke.35: Fixed the etcd hostname mismatch issue when using FQDN Fixed the issue where deleting a user cluster with a volume attached stalls, in which case the cluster can't be deleted and can't be used.

Google Cloud Armor - Network edge security polices (custom rules) are now available to allowlisted users.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed and Search (SearchAllResources, SearchAllIamPolicies) APIs.

Cloud Composer - Between January, 2024 and April, 2024 newly created Cloud Composer 2 environments will start using Python 3.11.

Confidential VM - Confidential Space: You can now use the Split-Trust Encryption Tool (STET) with Confidential Space. Confidential Space.

Datastream - Datastream now supports SSL/TLS encryption for connections to PostgreSQL sources that don't require client certificates.

Cloud Data Loss Prevention - For BigQuery inspection jobs, when you set a sampling limit based on a percentage of the total number of table rows (rowsLimitPercent), Sensitive Data Protection can inspect more rows than expected.

Google Kubernetes Engine - A vulnerability (CVE-2023-5717) has been discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

SAP Solutions - Cloud Storage Backint agent for SAP HANA version 1.0.32 Version 1.0.32 of the Cloud Storage Backint agent for SAP HANA is available.

Cloud Spanner - Cloud Spanner emulator support for the PostgreSQL dialect is now generally available.

Cloud Storage - The Object Retention Lock feature is now available. Regional endpoints are now available in Preview.

VPC Service Controls - Preview stage supported for the following integration: Web Security Scanner. General availability support for the following integration: Confidential Space.

Virtual Private Cloud - You can use Private Service Connect backends to access published services that are hosted on regional internal Application Load Balancers and regional internal proxy Network Load Balancers.